Malware Analysis Report

2024-09-23 05:11

Sample ID 240613-eznw7atgmd
Target 5e06ddc870a002e7c6ef6c611ae78a60_NeikiAnalytics.exe
SHA256 445b11911171899ca33aa7ab273855d25d79eba0abc3f26aa50f3685682a660a
Tags ransomware
Score 9/10

Analysis Overview

Score 9/10

SHA256 445b11911171899ca33aa7ab273855d25d79eba0abc3f26aa50f3685682a660a

Threat Level: Likely malicious

The file 5e06ddc870a002e7c6ef6c611ae78a60_NeikiAnalytics.exe was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (5006) files with added filename extension

Renames multiple (3435) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-13 04:22

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 04:22
Reported 2024-06-13 04:25
Platform win7-20231129-en
Max time kernel 150s
Max time network 119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5e06ddc870a002e7c6ef6c611ae78a60_NeikiAnalytics.exe"

Signatures

Renames multiple (3435) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5e06ddc870a002e7c6ef6c611ae78a60_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5e06ddc870a002e7c6ef6c611ae78a60_NeikiAnalytics.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

MD5 cdc8d57c9dc519ed1db970fbce25464f
SHA1 2f2bac30a808f85e1aac1753c38797cd3e7d0d12
SHA256 a37206dd13542e973d304b88ea14db94bea1540000f22d74744fd88f7c1a94c7
SHA512 c24706265868622610cf1d8b7ef2452180663c31e88934f98dcb57ffc5d26f5a2e1536e6e523de0af54b433d224f1880136ef01a77eb8bd3d034c7d45e564656

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 3ee552c05fb34ab43e8dafc39ff8ac5d
SHA1 eda4f33fa091c0e455d76d452fb9b2cdbc8114a2
SHA256 62a1a0bc691d613067f70fa0008964f7755cc69f998882f2675a3f312e46d55f
SHA512 f5d5139788d8ea01a488a674520639ee98fca41320a23bb60150de4388aa131a16eea839abe1f557d4c31da7aacb4c038e66b806a9f9486d1fc24853f8eeb24c

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 04:22
Reported 2024-06-13 04:25
Platform win10v2004-20240611-en
Max time kernel 149s
Max time network 94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5e06ddc870a002e7c6ef6c611ae78a60_NeikiAnalytics.exe"

Signatures

Renames multiple (5006) files with added filename extension

ransomware

Drops file in Program Files directory


Processes

C:\Users\Admin\AppData\Local\Temp\5e06ddc870a002e7c6ef6c611ae78a60_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\5e06ddc870a002e7c6ef6c611ae78a60_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp

MD5 892fd182305ed42fcdb5e5d1811de879
SHA1 5c872595dcd5df901867206bfa86a3ce550b22cb
SHA256 68bbd1d8b855f94bb992092c00e8ac2211d046c4cb9ee505f5271386307f2feb
SHA512 da58735f4017627ee7a0daea97d2fa0227e173520c9ba9c0acf815b06740dc24603c9d2ea111651062cb7b4b9856689db75637a7520fc289f1c623f4f7a61557

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 954499af8dd57303a8f78e7b3db139d7
SHA1 f93e62befe4a2394ba2231214d0573e27ffd5ca7
SHA256 e92a44b2d2089698479cffa41e76fe932a5ba6e3c068465fbb95b8745e1dc6c2
SHA512 c19d7bfba4483bc1fee7cd4a1217e279f63f25a44d740d5f3dc1bc8d98781f32b78318a70442ebd26e226c633c471fce7e848a57c6515a9a533f5140021ed78c